<% @path = "/etc/graylog2.conf" %> # On which port (UDP) should we listen for Syslog messages? (Standard: 514) syslog_listen_port = <%= rubber_env.graylog_server_syslog_port %> syslog_protocol = udp # ElasticSearch URL (default: http://localhost:9200/) elasticsearch_url = http://<%= rubber_instances.for_role('graylog_elasticsearch').first.full_name %>:9200/ elasticsearch_index_name = <%= rubber_env.graylog_elasticsearch_index %> # Always try a reverse DNS lookup instead of parsing hostname from syslog message? force_syslog_rdns = false # MongoDB Configuration mongodb_useauth = false mongodb_user = grayloguser mongodb_password = 123 mongodb_host = <%= rubber_instances.for_role('graylog_mongodb').first.full_name %> #mongodb_replica_set = localhost:27017,localhost:27018,localhost:27019 mongodb_database = <%= rubber_env.graylog_mongo_database %> mongodb_port = 27017 # Graylog2 uses an internal message queue that holds all received messages until they are indexed. The mq_batch_size parameter defines how many messages are sent # to ElasticSearch at once (using a _bulk update: http://www.elasticsearch.org/guide/reference/api/bulk.html). The mq_poll_freq parameter controls in which # interval (in seconds) the message batch is sent. Example: If you leave the standard values (mq_batch_size = 4000, mq_poll_freq = 1), Graylog2 will index 4000 messages # every second. If you have spikes with more than 4000 messages per second, the queue will start growing until you get under 4000 messages/second again. The queue is # FIFO and can grow until you run out of RAM. Note that the queue *only* resists in RAM, so if you set the mq_poll_freq to a high value, you may lose a lot of not yet # indexed messages when the server crashes. Run the server in debug mode (java -jar graylog2-server.jar --debug) with a |grep '^INFO' to see debug information about # the queue and it's size. (INFO : org.graylog2.periodical.BulkIndexerThread - About to index max 4000 messages. You have a total of 103 messages in the queue. [freq:1s]) # You can also monitor the queue size in your graylog2-web-interface. mq_batch_size = 4000 mq_poll_freq = 1 # You can set a maximum size of the message queue. If this size is reached, all new messages will be rejected until messages are removed/indexed from the queue. # 0 = unlimited queue size (default) mq_max_size = 0 # Raise this according to the maximum connections your MongoDB server can handle if you encounter MongoDB connection problems. mongodb_max_connections = 100 # Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5 # If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5, then 500 threads can block. More than that and an exception will be thrown. # http://api.mongodb.org/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier mongodb_threads_allowed_to_block_multiplier = 5 # Graylog Extended Log Format (GELF) use_gelf = true gelf_listen_address = 0.0.0.0 gelf_listen_port = <%= rubber_env.graylog_server_port %> # Drools Rule File (Use to rewrite incoming log messages) # rules_file = /etc/graylog2.d/rules/graylog2.drl # AMQP amqp_enabled = false amqp_subscribed_queues = somequeue1:gelf,somequeue2:gelf,somequeue3:syslog amqp_host = localhost amqp_port = 5672 amqp_username = guest amqp_password = guest amqp_virtualhost = / # Forwarders # Timeout in seconds for each connection and read of Logg.ly API when forwarding messages. Default: 3 forwarder_loggly_timeout = 3